The Information Commissioner’s Office (ICO) has issued the fine following a cyber attack on the company two years ago.
A subsequent investigation by the ICO found that Interserve had failed to put appropriate security measures in place to prevent a cyber attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.
“Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information,” said John Edwards, UK Information Commissioner. “This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud.”